In the Claims:

Following is a complete listing of the claims pending in the application, as 
amended: 

1. (Original) A method for a security manager device to manage a plurality 
of network security devices with a plurality of supervisor devices, each network security 
device generating network security information related to an associated group of 
network devices, storing the generated network security information on a primary 
supervisor device for the network security device when the primary supervisor device is 
available to store the generated network security information, and storing the generated 
network security information on an alternate supervisor device when the primary 
supervisor device is unavailable, the method comprising: 

distributing security control information to multiple network security 
devices, the security control information to be used to generate network security 
information, by 

determining a supervisor device that is the primary supervisor 
device for each of the multiple network security devices; 

sending a single copy of the security control information to the 
determined supervisor device; and 

indicating to the determined supervisor device to send a copy of 
the security control information to each of the multiple network security devices; and 

aggregating the network security information generated by an indicated 
one of the multiple network security devices using the security control information, by 

determining at least one alternate supervisor device that stores at 
least a portion of the network security information generated by the indicated network 
security device; 

notifying the primary supervisor device for the indicated network 
security device of a desire for the generated network security information, the notifying 
including an indication of the determined alternate supervisor devices; and 

in response, receiving the generated network security information, 

so that the manager device can efficiently distribute information to multiple network
security devices, and can retrieve all of the generated network security information for a 
network security device because alternate supervisor devices will store the information 
when the primary supervisor device for the network security device is unavailable. 

2. (Original) The method of claim 1 including generating network security 
information by, for each network security device: 

monitoring network information passing between any network device in 
the associated group for the network security device and any network device not in the 
associated group; and 

when the monitored network information is of an indicated type, 

determining whether the primary supervisor device for the network 
security device is available to receive information; 

when the primary supervisor device is available, sending network 
security information about the monitored network information to the primary supervisor 
device for storage; and 

when the primary supervisor device is not available, sending 
network security information about the monitored network information to an alternate 
supervisor device for storage. 

3. (Original) The method of claim 2 wherein for each network security 
device, a security policy for the network security device specifies the indicated types of 
monitored network information for which to generate network security information and 
specifies data related to the monitored network information to be included in the 
generated network security information. 

4. (Original) The method of claim 1 wherein the distributed security control 
information is software to be executed by the multiple network security devices to 
control the generation of the network security information. 

5. (Original) The method of claim 1 wherein the distributed security control
information is a security policy template that defines the network security information to 
be generated, and including: 

after a copy of the security policy template has been sent to each of the 
multiple network security devices, configuring each copy of the security policy template 
with information specific to the network security device to which the security policy 
template was sent. 

6. (Original) The method of claim 1 wherein after the notifying of the primary 
supervisor device, the primary supervisor device sends the generated network security 
information to the manager device by: 

retrieving from each of the determined alternate supervisor devices the 
network security information generated by the indicated network security device; 

retrieving any network security information generated by the indicated 
network security device that is stored by the primary supervisor device; and 

sending the retrieved network security information to the manager device. 

7. (Original) The method of claim 1 including after the receiving of the 
generated network security information, aggregating the portions of the generated 
network security information stored by the determined alternate supervisor devices and 
any portion of the generated network security information stored by the primary 
supervisor device. 

8. (Original) The method of claim 1 wherein information is sent between the 
manager device and the supervisor devices and between the supervisor devices and 
the network security devices in a secure form so that others do not have access to 
contents of the information. 

9. (Original) The method of claim 1 including displaying to a user the 
plurality of network security devices and the plurality of supervisor devices in such a 
manner that the primary supervisor device for each of the network security devices is
visually indicated, and wherein the distributing of the security control information to the
multiple network security devices is in response to selection by the user of the 
displayed multiple network security devices. 

10. (Original) The method of claim 1 including displaying to a user the 
plurality of network security devices and the plurality of supervisor devices in such a 
manner that the primary supervisor device for each of the network security devices is 
visually indicated, and wherein the aggregating of the network security information 
generated by an indicated one of the multiple network security devices is in response to 
a visual indication by the user of the one multiple network security device. 

11. (Original) A method for collecting security information generated by a 
security device, the generated security information based on network information 
passing between other network devices, the generated security information stored on at 
least one host device distinct from the security device, the method comprising: 

receiving a request for the generated security information;

determining the host devices on which at least portions of the generated
security information are stored; and 

when there are multiple determined host devices, 

for each of the multiple determined host devices, retrieving the 
portions of the generated security information that are stored on the host device; and 

aggregating the retrieved portions of the generated security information.

12. (Original) The method of claim 11 including determining a host device 
that is a primary host device for the security device, and wherein the portions of the 
generated security information from each of the multiple determined host devices are 
retrieved from the primary host device after the primary host device collects the portions 
from the multiple determined host devices. 

13. (Original) The method of claim 11 including requesting from each of the
multiple determined host devices the portions of the generated security information that 
are stored on the host device. 

14. (Original) The method of claim 11 wherein the aggregating of the 
retrieved portions of the generated security information includes sorting the aggregated 
security information chronologically. 

15. (Original) The method of claim 11 wherein the aggregating of the 
retrieved portions of the generated security information includes sorting the aggregated 
security information by type of security information. 

16. (Original) The method of claim 11 wherein the received request for the 
generated security information is from a user, and including displaying the aggregated 
security information to the user. 

17. (Original) The method of claim 11 including determining a change needed 
in network information allowed to pass between the other network devices based on the 
aggregated security information. 

18. (Original) The method of claim 11 including displaying to a user a view 
including the security device and the host devices, and wherein the request for the 
generated security information involves a visual indication by the user of the security 
device. 

19. (Original) A method for collecting security information generated by a 
security device, the generated security information based on network information 
passing between other network devices, the generated security information stored on 
multiple host devices distinct from the security device, the method comprising: 

receiving a request from a manager device for the generated security information;

receiving an indication of the multiple host devices which store portions of 
the generated security information; 

retrieving from each of the multiple host devices the stored portions of the 
generated security information; and 

sending to the manager device the retrieved portions of the generated 
security information, 

so that the manager device can aggregate the portions of the generated security 
information stored by the multiple host devices. 

20. (Original) The method of claim 19 including: 

before sending to the manager device the retrieved portions of the 
generated security information, determining that the manager device is predefined as 
being authorized to receive the generated security information. 

21. (Original) The method of claim 19 including: 

receiving from the manager device access information; and

before sending to the manager device the retrieved portions of the
generated security information, determining that the access information authorizes a 
sender of the access information to receive the generated security information. 

22. (Original) The method of claim 19 including: 

before sending to the manager device the retrieved portions of the 
generated security information, formatting the retrieved portions in a manner accessible 
only to the manager device. 

23. (Original) The method of claim 19 wherein the indications of the multiple 
host devices which store portions of the generated security information is received from 
the manager device. 

24. (Original) The method of claim 19 including before receiving the
indications of the multiple host devices which store portions of the generated security 
information, contacting the security device to determine the multiple host devices. 

25. (Original) A method for storing security information generated by a 
security device in a distributed manner so as to ensure the security information is 
available, the security information based on network information passing between 
network devices, the method comprising: 

identifying whether a primary supervisor device for the security device is 
available to store received security information;

when the primary supervisor device is available, storing the security
information on the primary supervisor device; and 

when the primary supervisor device is not available, storing the security 
information on an alternate supervisor device, 

so that a manager device can retrieve all of the security information because alternate 
supervisor devices will store the information when the primary supervisor device is 
unavailable. 

26. (Original) The method of claim 25 including generating the security 
information by: 

retrieving a policy which indicates types of network information;

monitoring the network information passing between the network devices; and

when the monitored network information is of a type indicated by the 
policy, generating security information about the monitored network information. 

27. (Original) The method of claim 26 wherein the policy for the network 
security device indicates types of information to be included in the generated security 
information. 

28. (Original) The method of claim 25 including:

before storing the security information on a supervisor device, determining 
that the supervisor device is predefined as being authorized to receive the security 
information. 

29. (Original) The method of claim 25 including: 

before storing the security information on a supervisor device, formatting 
the security information in a manner accessible only to the supervisor device. 

30. (Original) The method of claim 25 wherein the method is performed by 
the security device, and including sending the security information to the supervisor 
device that will store the security information in a manner accessible only to the 
supervisor device. 

31. (Original) A method for distributing security policy implementation 
information to multiple security devices for use in implementing a security policy, the 
method comprising: 

for each of the security devices, determining a supervisor device currently 
associated with the security device; 

distributing the security policy implementation information to each of the 
determined supervisor devices; and 

indicating to each of the determined supervisor devices to distribute the 
security policy implementation information to the security devices with which the 
supervisor device is associated. 

32. (Original) The method of claim 31 wherein the security policy 
implementation information is software to be executed by the security devices to control 
the implementing of the security policy. 

33. (Original) The method of claim 31 wherein the security policy
implementation information is a security policy template that indicates the security 
information to be generated. 

34. (Original) The method of claim 33 including: 

after the security policy implementation information has been distributed 
to each of the security devices, configuring the security policy implementation 
information distinctly on each security device. 

35. (Original) The method of claim 31 wherein the security policy 
implementation information is an instruction to be executed by the multiple security 
devices related to the implementing of the security policy. 

36. (Original) The method of claim 31 wherein the security policy 
implementation information is information common to the multiple security devices, and 
wherein for each of the multiple security devices the common information is for 
configuring a security policy template for the security device with information specific to 
the security device. 

37. (Original) The method of claim 31 wherein before the security policy 
implementation information is distributed to each of the multiple security devices, at 
least some of the multiple security devices have existing security policy implementation 
information of a similar type, and wherein for those security devices the security policy 
implementation information to be distributed will replace the existing security policy 
implementation information. 

38. (Original) The method of claim 31 wherein before the security policy 
implementation information is distributed to each of the multiple security devices, at 
least some of the multiple security devices have existing security policy implementation 
information of a similar type, and wherein for those security devices the security policy
implementation information to be distributed will supplement the existing security policy
implementation information.

Attorney Docket No. 248588002US1

39. (Original) The method of claim 31 wherein the distributing of the security 
policy implementation information to each of the determined supervisor devices is 
performed in a manner such that the security policy implementation information is not 
accessible to other devices. 

40. (Original) The method of claim 31 including displaying to a user a view of 
the multiple security devices and the supervisor devices currently associated with the 
security devices, and wherein the distributing of the security policy implementation 
information is in response to a visual selection by the user. 

41.-49. (Canceled)

50. (Original) A method for distributing control information to multiple security 
devices for use in controlling the operation of the multiple security devices, the method 
comprising: 

for each of the security devices, determining a supervisor device currently 
associated with the security device; 

distributing the control information to each of the determined supervisor devices; and

indicating to each of the determined supervisor devices to distribute the 
control information to the security devices with which the supervisor device is 
associated. 

51. (Original) The method of claim 50 wherein after the control information is 
distributed to the security devices, the security devices operate in accordance with the 
control information. 

52. (Original) A method for a security device to operate in accordance with
security policy implementation information distributed from a manager device, the 
method comprising: 

receiving security policy implementation information to be used by the 
security device in implementing a security policy; and 

using the security policy implementation information to implement the 
security policy. 

53. (Original) The method of claim 52 wherein the security policy 
implementation information is distributed to multiple security devices via a supervisor 
device associated with the multiple security devices. 

54. (Original) The method of claim 52 wherein the security policy 
implementation information is software to be executed by the security device to control 
the implementing of the security policy. 

55. (Original) The method of claim 52 wherein the security policy 
implementation information is a security policy template that indicates security 
information to be generated. 

56. (Original) The method of claim 55 including: 

after the security policy implementation information has been received, 
receiving from the manager device configuration information specific to the security 
device to customize the security policy template. 

57. (Original) The method of claim 52 wherein the security policy 
implementation information is an instruction to be taken by the security device related to 
the implementing of the security policy. 

58. (Original) The method of claim 52 including:

before using the security policy implementation information to implement 
the security policy, determining that the manager device is predefined as being 
authorized to distribute the security policy implementation information. 

59. (Original) The method of claim 52 including: 

receiving from the manager device access information; and

before using the security policy implementation information to implement
the security policy, determining that the access information authorizes a sender of the 
access information to distribute the security policy implementation information. 

60. (Original) A method for collecting security information generated by a 
security device, the generated security information based on network information 
passing between other network devices, the generated security information stored on at 
least one host device distinct from the security device, the method comprising: 

displaying to a user a view including the security device and the host devices;

receiving from the user a visual indication of a security device from which 
to retrieve generated security information; 

determining the host devices on which at least portions of the generated 
security information are stored; 

retrieving the portions of the generated security information that are stored 
on the determined host devices; and 

aggregating the retrieved portions of the generated security information. 

61. (Original) The method of claim 60 including displaying to the user the 
aggregated generated security information. 

62. (Original) The method of claim 60 wherein the view of the security device
and of the host devices includes a visual indication of a host device that is a primary 
host device for the security device. 

63. (Original) The method of claim 60 wherein the view of the security device 
and of the host devices includes visual indications of the determined host devices. 

64. (Original) The method of claim 60 wherein a visual indication displayed in 
the view of a device performing the method is modified to indicate that the generated 
security information has been retrieved. 

65.-68. (Canceled)

69. (Original) A method for displaying security information generated by a 
security device, the generated security information based on network information 
passing between other network devices, portions of the generated security information 
stored on multiple host devices distinct from the security device, the method 
comprising: 

displaying to a user a view including the security device and the host devices;

receiving from the user an indication of a security device from which to 
retrieve generated security information; and 

displaying to the user an aggregation of the portions of the generated 
security information retrieved from the multiple host devices. 

70. (Original) The method of claim 69 wherein the view of the security device 
and of the host devices includes visual indications of the multiple host devices. 

71. (Original) The method of claim 69 wherein a visual indication displayed in
the view of a device performing the method is modified to indicate that the generated 
security information has been retrieved. 

72.-76. (Canceled)

77. (Original) A computer-readable medium whose contents cause a 
manager device to collect security information generated by a security device, the 
generated security information based on network information passing between other 
network devices, the generated security information stored on at least one host device 
distinct from the security device, by: 

receiving a request for the generated security information;

determining the host devices on which at least portions of the generated
security information are stored; and 

when there are multiple determined host devices, 

for each of the multiple determined host devices, retrieving the 
portions of the generated security information that are stored on the host device; and 

aggregating the retrieved portions of the generated security information.

78. (Original) The computer-readable medium of claim 77 wherein the 
contents further cause the manager device to determine a host device that is a primary 
host device for the security device, and wherein the portions of the generated security 
information for each of the multiple determined host devices are retrieved from the 
primary host device. 

79. (Original) The computer-readable medium of claim 77 wherein the 
aggregating of the retrieved portions of the generated security information includes 
sorting the aggregated security information chronologically. 

80. (Original) The computer-readable medium of claim 77 wherein the 
received request for the generated security information is from a user, and wherein the 
contents further cause the manager device to display the aggregated security 
information to the user. 

81. (Original) The computer-readable medium of claim 77 wherein the
contents further cause the manager device to display to a user a view including the 
security device and the host devices, and wherein the request for the generated 
security information involves a visual indication by the user of the security device. 

82. (Original) A computer-readable medium whose contents cause a 
manager device to distribute security policy implementation information to multiple 
security devices for use in implementing a security policy, by: 

for each of the security devices, determining a supervisor device currently 
associated with the security device; 

distributing the security policy implementation information to each of the 
determined supervisor devices; and 

indicating to each of the determined supervisor devices to distribute the 
security policy implementation information to the security devices with which the 
supervisor device is associated. 

83. (Original) The computer-readable medium of claim 82 wherein the 
security policy implementation information is software to be executed by the security 
devices to control the implementing of the security policy. 

84. (Original) The computer-readable medium of claim 82 wherein the 
security policy implementation information is a security policy template that indicates 
the security information to be generated. 

85. (Original) The computer-readable medium of claim 84 wherein the 
contents further cause the manager device to, after the security policy implementation 
information has been distributed to each of the security devices, configure the security 
policy implementation information distinctly on each security device. 

86. (Original) The computer-readable medium of claim 82 wherein the
security policy implementation information is an instruction to be executed by the
multiple security devices related to the implementing of the security policy. 

87. (Original) The computer-readable medium of claim 82 wherein the 
contents further cause the manager device to display to a user a view of the multiple 
security devices and the supervisor devices currently associated with the security 
devices, and wherein the distributing of the security policy implementation information is 
in response to a visual selection by the user. 

88. (Original) A computer system for collecting security information generated 
by a security device, the generated security information based on network information 
passing between other network devices, the generated security information stored on at 
least one host device distinct from the security device, comprising: 

a user interface component that receives from a user a request for the 
generated security information; and 

a security information retriever that determines the host devices on which 
at least portions of the generated security information are stored, and that when there 
are multiple determined host devices, for each of the multiple determined host devices, 
retrieves the portions of the generated security information that are stored on the host 
device and aggregates the retrieved portions of the generated security information. 

89. (Original) The computer system of claim 88 wherein the user interface 
component is capable of generating a graphical display of the aggregated security 
information. 

90. (Original) The computer system of claim 88 wherein the user interface 
component is capable of generating a graphical display including a hierarchical view of 
the security device and the host devices, and wherein the user interface component is 
further for receiving a visual indication of the security device indicating the request for 
the generated security information of the indicated security device. 

91.-94. (Canceled)

95. (Original) A computer system for storing security information generated 
by a security device in a distributed manner so as to ensure the security information is 
available, the security information based on network information passing between 
network devices, comprising: 

a storage identifier for identifying whether a primary supervisor device for 
the security device is available to store received security information; and 

an information storer for storing the security information on the primary 
supervisor device if the primary supervisor device is available, and for storing the 
security information on an alternate supervisor device when the primary supervisor 
device is not available. 

96. (Original) The computer system of claim 95 further comprising: 

a security information generator for retrieving a policy which indicates 
types of network information, for monitoring the network information passing between 
the network devices, and for generating security information about the monitored 
network information when the monitored network information is of a type indicated by 
the policy. 

97. (Original) The computer system of claim 95 further comprising: 

a security component for determining that a supervisor device is 
predefined as being authorized to receive the security information before storing the 
security information on the supervisor device. 

98. (Original) A computer system that implements a security policy in 
accordance with security policy implementation information distributed from a manager 
device, comprising: 

a security policy information receiver for receiving security policy 
implementation information to be used in implementing a security policy; and 

a security policy implementer for using the security policy implementation
information to implement the security policy. 

99. (Original) The computer system of claim 98 wherein the security policy 
implementation information is software to be executed by the security device to control 
the implementing of the security policy. 

100. (Original) The computer system of claim 98 wherein the security policy 
implementation information is a security policy template that indicates security 
information to be generated. 

101. (Original) The computer system of claim 98 further comprising:

a security component for determining that the manager device is
predefined as being authorized to distribute the security policy implementation 
information before using the security policy implementation information to implement 
the security policy. 

102.-105. (Canceled)